On Fri, Feb 11, 2005 at 04:41:19PM +0100, Victor Julien wrote:
> > yes. personally (for whatever that is worth), i allow ICMP Types 3, 11,
> > and 12 [*].
>
> Will these all be accepted by the accepting all RELATED packets? Or do i need
> extra rules to allow them?
in theory--they are RELATED. in practice, i allow them explicitly.
looking at one of my firewalls, it appears as though there are ICMP Type
3 packets that get past the RELATED rule and hit the explicit allow rule,
but the counters for the explicit allow for types 11 and 12 are at 0.
-j
--
"Me lose brain? Uh, oh! Ha ha ha! Why I laugh?"
--The Simpsons
